can botnets and email spoofing be stopped using the same methods

Posted on 2010-01-04
Last Modified: 2013-11-16
I am trying to write a report on botnets and email spoofing for my boss, but I am confused on whether they can be defended against in a similar manner in a network.
Question by:Phil Mapfumo

Accepted Solution

RonHoffmann earned 500 total points
ID: 26175861
Email spoofing would be a method of delivering malicious software to a machine in order to add that machine to a botnet. The botnet would in turn send out those spoofed emails.
Email spoofing is now based more on social engineering than anything else: trying to convince the recipient of the spoofed email message that it is legitimate.
The best defense against any email-based threat would be to never open an email from someone you don't know. Use a web-based email service and have scripting turned off in your browser when you are viewing your email. The web-based email services provide some filtering and scripting protection, but running Firefox with the NoScript plugin gives you control of what scripts can run in your browser.
With scripting on it only takes one click to become infected.
Check out the podcast Security Now with Steve Gibson; episode 221 covers some of this.
You can also search the episodes at http://www.grc.com/securitynow.htm
Hope this helps.

Assisted Solution

Dave Howe earned 500 total points
ID: 26176378
Well, they are different (but sometimes related) things.

Email spoofing is where the source of a message is deliberately faked; often, not only the sender "From" address, but the original source (by adding additional faked routing lines to the headers, as though it had already passed through several systems before being relayed on).

Email spoofing is commonly associated with phishing (producing a fake email purporting to come from a bank or similar, asking for your login details to be entered on a website in order to gain access to your account).

Botnets are machines "infected" by software which allows the person who initiated the infection to execute programs on the machine without its owner's permission. Usually they will "report in" to a controller (often an IRC server) to obtain orders and updated code, but sometimes they have their own mesh network to avoid authorities taking out an entire net by locating and removing the control site.

One infection vector (and there are many) is an email, spoofed or not. One use of a botnet (and again, there are many) is to send out spam or spoofed emails via the email credentials of the infected machine's ISP account.

Spoofed emails, virus emails and spam emails are the focus of an ongoing war between those who produce such, and those who wish to remove them from the email stream. There are a number of products out there that attempt this, and their success varies literally from day to day. One example would be the IronPort email filtering host (which uses a combination of reputation filters, pattern matching and virus scanning to remove a significant proportion of bad mail), but that is just one example. Non-commercial offerings include things like SpamAssassin and ClamAV.

Botnets, however, are more about how you defend against an infected machine (of any type) on your own network: it's an internal host outbound, rather than a perimeter defense. Usually this is approached by behavioural monitoring. Attempts to send out email, communicate with other workstations and write files to them, or connect to IRC servers should be considered suspect (so intrusion detection/prevention here).
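The behavioural monitoring described in the answer above, as an added example that is not part of the original post: a small Python detector run over constructed flow-log lines that flags internal hosts sending mail around the relay, connecting to IRC ports, or sweeping SMB across their peers. The relay address, server set, LAN prefix and port list are assumptions for the example, not values from the thread.

```python
from collections import defaultdict
# Constructed flow-log sample (not from the page): time src dst dport
SAMPLE_LOG = """\
10:00:01 10.0.0.12 192.0.2.25 25
10:00:03 10.0.0.12 198.51.100.7 25
10:00:04 10.0.0.12 203.0.113.9 25
10:00:05 10.0.0.12 198.51.100.40 6667
10:00:06 10.0.0.12 10.0.0.15 445
10:00:07 10.0.0.12 10.0.0.16 445
10:00:08 10.0.0.12 10.0.0.17 445
10:00:09 10.0.0.20 10.0.0.5 25
10:00:10 10.0.0.20 10.0.0.5 445
"""
# Assumed site policy (hypothetical values): one sanctioned mail relay/file server;
# every other 10.0.0.x host is a workstation with no reason to do SMTP, IRC or peer SMB.
MAIL_RELAY = "10.0.0.5"
SERVERS = {"10.0.0.5"}
IRC_PORTS = {6667, 6697}
LAN_PREFIX = "10.0.0."

def parse_flows(text):
    """Turn 'time src dst dport' lines into (src, dst, dport) tuples, skipping malformed ones."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            flows.append((parts[1], parts[2], int(parts[3])))
    return flows

def suspicious_hosts(flows, smb_peer_threshold=3):
    """Map each LAN host to the bot-like outbound behaviours seen in its flows."""
    smtp, irc, smb = defaultdict(set), defaultdict(set), defaultdict(set)
    for src, dst, dport in flows:
        if not src.startswith(LAN_PREFIX):
            continue  # only internal hosts are in scope
        if dport == 25 and dst != MAIL_RELAY:
            smtp[src].add(dst)  # mail sent around the relay: classic spam-bot sign
        elif dport in IRC_PORTS:
            irc[src].add(f"{dst}:{dport}")  # possible controller check-in
        elif dport == 445 and dst.startswith(LAN_PREFIX) and dst not in SERVERS:
            smb[src].add(dst)  # workstation-to-workstation file access
    findings = defaultdict(list)
    for host, dsts in smtp.items():
        findings[host].append(f"direct outbound SMTP to {len(dsts)} hosts, bypassing relay")
    for host, dsts in irc.items():
        findings[host].append("IRC connection to " + ", ".join(sorted(dsts)))
    for host, peers in smb.items():
        if len(peers) >= smb_peer_threshold:  # a few peers is normal, a sweep is not
            findings[host].append(f"SMB to {len(peers)} peer workstations")
    return dict(findings)
```

In the sample only 10.0.0.12 is reported; 10.0.0.20 talks SMTP and SMB solely to the sanctioned server and stays clean.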
